About Us:
CyberCX is Australia’s greatest force of cyber security. Our highly skilled professional services team operates a 24x7 on-shore security operations centre (SOC) servicing corporate and public sector organisations across Australia and New Zealand, specialising in Security Operations services leveraging Splunk.
Description:
The CCX DUO Connector Support add-on provides additional support for both the "Duo Splunk Connector" and "Cisco Security Cloud" add-ons, and aims to enhance and improve extraction and tagging for Duo logs.
This TA was built using a large dataset and endeavours to be the most comprehensive, CIM-compliant field extraction TA available for Duo logs ingested via the Duo Splunk Connector API or Cisco Security Cloud API integrations.
Fully compatible with Splunk Enterprise and Splunk Cloud, built by an Ops team for Ops teams.
Features:
- This TA currently supports log types tagged under the following CIM data models: Alerts, Authentication, and Change.
- The CCX DUO Connector Support Add-on for "Duo Splunk Connector" (https://splunkbase.splunk.com/app/3504/) provides an additional sourcetype for selection ("duo"), which replaces the default json used by Splunk.
*Under "More settings" in the "Duo Splunk Connector" setup, please set "Set sourcetype" to "duo" and proceed.
Created By
Henrique Linsmeyer